1

我在尝试将 java 库 (jar) 发布到 AWS CodeArtifact Maven 存储库时遇到问题。当我尝试发布它时,我得到 HTTP 状态代码 401(未经授权)。这表明我做错了什么,比如缺少 CODEARTIFACT_AUTH_TOKEN 环境变量,或者使用了错误的 aws 凭证/配置文件等。但是 AWS CodeArtifact 非常简单:我们只需要:

  • 生成一个新的 CODEARTIFACT_AUTH_TOKEN 并将其设置为环境变量,
  • 使用 username=aws 和 password=${env.CODEARTIFACT_AUTH_TOKEN} 更新我们的本地 Maven .m2/settings.xml 以指向 AWS CodeArtifact 服务器
  • 确保我们从有权访问 AWS CodeArtifact 域和 Maven 存储库的帐户生成该令牌(如果我们无论如何都无权访问,则会出错)。

...超级简单。然而,当我尝试使用我的设置“mvn deploy-file”时,我得到 401 Unauthorized ......请参阅下面的完整设置:

我通过 Cloudformation 模板设置了 AWS CodeArtifact 域和 Maven 存储库(如果需要,请忽略 NPM 和上游存储库):

AWSTemplateFormatVersion: "2010-09-09"

Description: CodeArtifact Domain, Maven repo, NPM repo, and upsteam repos 

Resources:
  CodeArtifactDomain:
    Type: AWS::CodeArtifact::Domain
    Properties:
      DomainName: mydomain
      PermissionsPolicyDocument:
        Version: 2012-10-17
        Statement:
          - Action:
              - codeartifact:CreateRepository
              - codeartifact:DescribeDomain
              - codeartifact:GetAuthorizationToken
              - codeartifact:GetDomainPermissionsPolicy
              - codeartifact:ListRepositoriesInDomain
              - sts:GetServiceBearerToken
              - codeartifact:DescribePackageVersion
              - codeartifact:DescribeRepository
              - codeartifact:GetPackageVersionReadme
              - codeartifact:GetRepositoryEndpoint
              - codeartifact:ListPackageVersionAssets
              - codeartifact:ListPackageVersionDependencies
              - codeartifact:ListPackageVersions
              - codeartifact:ListPackages
              - codeartifact:ReadFromRepository
              - codeartifact:PublishPackageVersion
              - codeartifact:PutPackageMetadata
            Effect: Allow
            Principal:
              AWS:
                - "arn:aws:iam::123456788904:root" 
                - "arn:aws:iam::123456789098:root"
                - "arn:aws:iam::123456789087:root"
            Resource: "*"
      Tags:
        - Key: Name
          Value: CodeArtifact Domain

  ArtifactUpstreamRepositoryMaven:
    Type: AWS::CodeArtifact::Repository
    Properties:
      RepositoryName: maven-upstream-repo
      DomainName: !GetAtt CodeArtifactDomain.Name
      ExternalConnections:
        - public:maven-central
  ArtifactRepositoryMaven:
    Type: AWS::CodeArtifact::Repository
    Properties:
      RepositoryName: maven-repo
      Description: Maven CodeArtifact Repository
      DomainName: !GetAtt CodeArtifactDomain.Name
      Upstreams:
        - !GetAtt ArtifactUpstreamRepositoryMaven.Name
      Tags:
        - Key: Name
          Value: Maven CodeArtifact Repository

  ArtifactUpstreamRepositoryNPM:
    Type: AWS::CodeArtifact::Repository
    Properties:
      RepositoryName: npm-upstream-repo
      DomainName: !GetAtt CodeArtifactDomain.Name
      ExternalConnections:
        - public:npmjs
  ArtifactRepositoryNPM:
    Type: AWS::CodeArtifact::Repository
    Properties:
      RepositoryName: npm-repo
      Description: NPM CodeArtifact Repository
      DomainName: !GetAtt CodeArtifactDomain.Name
      Upstreams:
        - !GetAtt ArtifactUpstreamRepositoryNPM.Name
      Tags:
        - Key: Name
          Value: NPM CodeArtifact Repository

Outputs:
  CodeArtifactDomain:
    Description: The CodeArtifact Domain
    Value: !Ref CodeArtifactDomain
    Export:
      Name: CodeArtifactDomain

我运行了上面的 cloudformation 模板并确认它已成功完成,然后导航到 CodeArtifact 以检查 CodeArtifact 域和存储库是否已成功创建(它们是)。然后我查找了我的存储库的连接说明。使用这些连接说明,我首先剪切并粘贴第一个:

export CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain mydomain --domain-owner <MY_ACCOUNT_NUMBER --query authorizationToken --output text`

然后我在 ~/.m2/settings.xml 中设置我的 Maven 设置,并将所有设置显示在我的存储库的连接说明(在 AWS 控制台中)中:

<?xml version="1.0" encoding="UTF-8"?>

<settings xmlns="http://maven.apache.org/SETTINGS/1.2.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 https://maven.apache.org/xsd/settings-1.2.0.xsd">

  <servers>
          <server>
                <id>mydomain-maven-repo</id>
                <username>aws</username>
                <password>${env.CODEARTIFACT_AUTH_TOKEN}</password>
          </server>
  </servers>

  <profiles>
          <profile>
                <id>mydomain-maven-repo</id>
                <activation>
                  <activeByDefault>true</activeByDefault>
                </activation>
                <repositories>
                  <repository>
                        <id>mydomain-maven-repo</id>
                        <url>https://mydomain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/</url>

                  </repository>
                </repositories>
          </profile>
  </profiles>
</settings>

最后,我尝试 mvn:deploy 我的一个库到 AWS CodeArtifact maven repo:

  mvn deploy:deploy-file \
    -DgroupId=com.myorg \
    -DartifactId=my-client_2.12 \
    -Dversion=1.0.1-play28    \
    -Dfile=./my-client_2.12-1.0.1-play28.jar   \
    -Dsources=./my-client_2.12-1.0.1-play28-sources.jar \
    -Djavadoc=./my-client_2.12-1.0.1-play28-javadoc.jar \
    -Dpackaging=jar                \
    -DrepositoryId=maven-repo    \
    -Durl=https://mydomain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/

我得到这个错误:

[INFO] Scanning for projects...
[INFO]
[INFO] ------------------< org.apache.maven:standalone-pom >-------------------
[INFO] Building Maven Stub Project (No POM) 1
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- maven-deploy-plugin:2.7:deploy-file (default-cli) @ standalone-pom ---
Uploading to maven-repo: https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/.../my-client_2.12/1.0.1-play28/my-client_2.12-1.0.1-play28.jar
Uploading to maven-repo: https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/.../my-client_2.12/1.0.1-play28/my-client_2.12-1.0.1-play28.pom
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  1.319 s
[INFO] Finished at: 2021-09-27T15:10:56-04:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy-file (default-cli) on project standalone-pom: Failed to deploy artifacts: Could not transfer artifact my-client_2.12:jar:1.0.1-play28 from/to maven-repo (https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/): Transfer failed for https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/.../my-client_2.12/1.0.1-play28/my-client_2.12-1.0.1-play28.jar 401 Unauthorized -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

我可以通过运行确认我在 ~/.aws/credentials 中使用了正确的凭据

aws sts get-caller-identity

我也确认我

  • 拥有最新的 mvn 可执行文件
  • 将 M2_HOME 设置为指向我的 ~/.m2
  • 获得最近的令牌(不超过 12 小时)

我不知道为什么当我 mvn deploy-file 时我得到 401 未经授权...有什么想法吗?

4

1 回答 1

2

阿格,找到了。问题在于“mvn deploy:deploy-file”参数之一:

这:

-DrepositoryId=maven-repo

... 需要匹配 ~/.m2/settings.xml 中的服务器 ID:

<id>mydomain-maven-repo</id>

如果我将我的 mvn 命令更改为:

-DrepositoryId=mydomain-maven-repo

... 错误401 Unauthorized消失了!!!Argg AWS:这不应该是 404、400 还是其他?这不是未经授权的,它是一个未知的存储库。它正在推动 401 的定义……

无论如何,亲爱的互联网:如果 CodeArtifact 曾经对您返回 401,请注意您可能配置错误。这可能不是授权问题。

于 2021-09-27T20:02:01.240 回答